Google said its new Nest security practices include adopting standards Google has long held as well as implementing new updates that are specific to Nest’s connected home devices and services. Specifically, Google will begin certifying Nest devices sold in 2019 or later using an independent security standard, including those developed by the Internet of Secure Things Alliance (ioXt). The company will also publish the validation results that explain how its products hold up to those standards, and will assess new products against the standards prior to launch. Meanwhile, Google said Nest will now participate in the Google vulnerability rewards program, which pays outside security researchers for finding vulnerabilities and reporting them to the Nest Security team. Google has also committed to patching critical issues known to Google Nest, promising automatic bug and security fix support for a minimum of 5 years. Nest devices will also be added to the Google device activity page to give users visibility into which devices are connected to their account. It’s worth noting that Nest users have already had access to these security protections, providing they coupled their devices with an active Google account. In terms of privacy, Google said it has updated a section in its privacy commitments to better reflect its focus on openness. Nest product manager Ryan Campbell said in a blog post: Google’s latest security updates to the Nest product family builds on changes made by Google to try and bolster the security posture of its products. In February 2020, Google rolled out two-factor authentication (2FA) to Nest devices, and prior to that, reCAPTCHA Enterprise was integrated with Nest accounts to mitigate the risk of credential stuffing attacks. Finally, we want to acknowledge the way this technology is evolving — for example, our recent announcements on Matter and our work on Project Connected Home over IP ). That’s why we’ve updated a small section in our privacy commitments to better reflect our focus on openness.
RELATED:
Google Nest forcing users into 2FAGoogle opens up Advanced Protection Program to Nest devicesGoogle says ‘hidden’ microphone in Nest product never intended to be a secretGoogle to replace faulty Titan security keys